Setting up single sign-on (SSO) with Microsoft – portatour® Help Center

Setting up Microsoft as a single sign-on provider

Go to Workspace Organization and open the Options (Direct link to portatour > Organization options).
Click on Single sign-on provider > Add and select Microsoft. The following window appears:
Are you yourself Entra ID administrator of your Microsoft client?
- If yes:
  1. Click on Log in with Microsoft.
  2. Sign in with your Microsoft account.
  3. Confirm the requested permissions with Accept.
- If no:
  1. Click on Enter tenant ID manually.
  2. Click Copy link and tell your Entra ID administrator this link to install the 'portatour® single sign-on' company application and accept the requested permissions. Your administrator will receive the client ID.
  3. Enter the client ID provided.
Enter the name of your Microsoft client in the Name field. Typically, this is your company name. No verification takes place. The name helps you and your users to identify the correct Microsoft account if you have several Microsoft clients.
Click Save.

portatour® allows users to log in with both user name & password and SSO. If you introduce SSO, this is done for existing users without interruption and without the need for timing.
You can see both login options for a user in the user list. Manage them at the user's detail view or via mass editing of users.

If you have successfully introduced SSO, you can deactivate the login via user name & password if desired.

In a user's detail view, click on Disable login in the Log in with user name & password section.
Alternatively, use mass editing in the user list. In any case, make sure beforehand that the affected users have already successfully logged in with SSO, e.g. using the extended search and the predefined filter Login with SSO > possible (link to account used).

portatour® allows you to set up multiple SSO providers. This supports the following scenarios, among others:

Users from different organizations (countries, subcontractors, internal/external) work in portatour®, whereby each organization is managed in a separate Microsoft client.
You want to change the SSO provider. The transition is seamless for users, as both providers work in parallel.
Assign a unique name to each SSO provider. In the user detail view and in user mass editing, the respective SSO providers can be found in their own sections, in user export/import in their own columns.

Several SSO assignments can be stored at a user in portatour®. This is useful for the SSO provider change scenario mentioned above.
Different portatour® users can also be assigned to the same user of a SSO provider. The portatour® user may also be located in different portatour® company accounts. In such cases, the user is prompted after the SSO login to select the desired portatour® user with which they wish to continue working.
This is helpful, for example, in a scenario where an administrator manages several portatour® company accounts and therefore has a separate account in each portatour® company account.

For the assignment of Microsoft users to portatour® users read Assigning Microsoft users to portatour® users for single sign-on.
Find out how to deactivate single sign-on for all or individual users at Deactivate single sign-on (SSO).